Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/5DTG2pQHtM0QiGmSH96_4M3Hn5k.roa
File:                     5DTG2pQHtM0QiGmSH96_4M3Hn5k.roa (raw, json)
Hash identifier:          ITY7NiqI6LopyqA5OlrdJTOTC/MthEeeabjTB3wyEhU=
Subject key identifier:   E4:34:C6:DA:94:07:B4:CD:10:88:69:92:1F:DE:BF:E0:CD:C7:9F:99
Certificate issuer:       /CN=ec9c685cf6671cc656f92e764557a38378f2827c
Certificate serial:       019C2DBEEC85810A75C0A9B224323556998B
Authority key identifier: EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/5DTG2pQHtM0QiGmSH96_4M3Hn5k.roa
Signing time:             Thu 05 Feb 2026 12:20:12 +0000
ROA not before:           Thu 05 Feb 2026 12:20:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396982
IP address blocks:        212.114.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2d:be:ec:85:81:0a:75:c0:a9:b2:24:32:35:56:99:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec9c685cf6671cc656f92e764557a38378f2827c
        Validity
            Not Before: Feb  5 12:20:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e434c6da9407b4cd108869921fdebfe0cdc79f99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:b4:3d:b4:4e:0d:ba:a7:d3:38:e4:12:ac:c0:
                    a8:71:d2:a6:bc:4b:af:1a:ef:bb:0c:f6:4c:82:ab:
                    5e:53:c7:47:bc:d1:d5:74:dd:3a:9e:2f:38:01:8d:
                    49:f3:e8:5a:e4:74:c1:6a:48:34:a2:73:8e:5b:bf:
                    04:fe:ea:c4:43:b4:4f:ac:53:d8:95:ab:87:00:45:
                    2f:51:1d:fe:1f:84:bc:6b:42:77:fe:7b:1f:21:7b:
                    d7:a6:30:a8:0d:f9:25:8c:1c:f2:24:75:08:14:24:
                    9e:30:a9:25:1d:f9:93:bc:7f:d7:69:18:91:4a:bb:
                    de:88:02:85:03:94:13:d2:2e:7a:9e:70:66:92:bd:
                    9d:17:28:ac:6d:43:f0:f6:aa:0c:f7:cf:7a:17:43:
                    1c:c8:b6:a8:47:8e:02:cb:c4:a4:39:25:bb:cf:f1:
                    06:e5:25:e5:03:e1:58:1b:77:b8:6c:1b:03:3b:7f:
                    41:8d:e8:8a:19:f0:10:de:81:a1:09:a0:5d:9e:a6:
                    78:4f:d8:af:d7:13:a1:2e:72:b1:a2:d0:8e:08:a3:
                    7d:c8:32:c5:64:4b:11:ff:1e:82:cb:48:c4:e4:dc:
                    9a:5b:2c:d2:71:6f:54:eb:53:f4:67:91:a2:d4:04:
                    03:0c:ce:a6:07:d7:fe:ff:cf:86:42:02:2e:00:88:
                    ae:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:34:C6:DA:94:07:B4:CD:10:88:69:92:1F:DE:BF:E0:CD:C7:9F:99
            X509v3 Authority Key Identifier:
                keyid:EC:9C:68:5C:F6:67:1C:C6:56:F9:2E:76:45:57:A3:83:78:F2:82:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JxoXPZnHMZW-S52RVejg3jygnw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/5DTG2pQHtM0QiGmSH96_4M3Hn5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/e9b56e-3b5b-43b1-8bb5-bab48dab4cd6/1/7JxoXPZnHMZW-S52RVejg3jygnw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.114.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:46:7a:fd:c3:f0:13:fc:89:64:f2:98:92:58:72:57:1b:23:
         70:85:ec:6e:65:3b:dc:2c:e0:3f:d0:82:68:78:ed:62:f2:3e:
         18:2d:89:05:3c:a0:96:e6:ae:f8:b8:1d:ba:71:37:8e:24:ed:
         47:1e:51:33:2b:89:f9:0f:6b:26:bc:fd:c1:32:8c:dd:f4:e7:
         34:e7:ef:c6:ad:0c:6c:0e:9f:7d:00:f9:2b:43:8c:06:1f:f8:
         a1:c3:4b:30:7b:cc:b8:b9:86:ce:8b:15:2c:a2:4f:9d:57:bd:
         fd:db:21:41:32:dc:6a:ce:18:de:ab:30:2c:af:7b:10:30:a6:
         f3:34:f5:34:04:21:36:25:1c:8f:73:e3:ad:bd:b1:4c:42:04:
         9c:e3:64:c3:5c:a4:60:1e:52:f1:63:e9:cb:b9:e9:d8:29:9b:
         ab:a9:e3:57:b4:ed:46:e3:86:e0:88:2e:53:f0:2b:97:4b:68:
         df:7a:72:53:d1:3d:9b:93:bd:ec:7e:ed:84:dd:16:85:6e:04:
         a6:62:a3:62:5e:5b:7b:fd:e3:eb:27:87:94:c7:d0:cb:43:85:
         80:19:ad:43:ad:0c:12:6b:ce:19:3c:77:70:65:7b:9f:3d:90:
         01:2a:f7:d3:36:d8:24:7d:39:61:a6:73:34:cc:88:69:1f:1e:
         47:c6:c2:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwtvuyFgQp1wKmyJDI1VpmLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOWM2ODVjZjY2NzFjYzY1NmY5MmU3NjQ1NTdhMzgzNzhm
MjgyN2MwHhcNMjYwMjA1MTIyMDEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDM0YzZkYTk0MDdiNGNkMTA4ODY5OTIxZmRlYmZlMGNkYzc5Zjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2LQ9tE4NuqfTOOQSrMCocdKmvEuv
Gu+7DPZMgqteU8dHvNHVdN06ni84AY1J8+ha5HTBakg0onOOW78E/urEQ7RPrFPY
lauHAEUvUR3+H4S8a0J3/nsfIXvXpjCoDfkljBzyJHUIFCSeMKklHfmTvH/XaRiR
SrveiAKFA5QT0i56nnBmkr2dFyisbUPw9qoM9896F0McyLaoR44Cy8SkOSW7z/EG
5SXlA+FYG3e4bBsDO39BjeiKGfAQ3oGhCaBdnqZ4T9iv1xOhLnKxotCOCKN9yDLF
ZEsR/x6Cy0jE5NyaWyzScW9U61P0Z5Gi1AQDDM6mB9f+/8+GQgIuAIiuNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOQ0xtqUB7TNEIhpkh/ev+DNx5+ZMB8GA1UdIwQY
MBaAFOycaFz2ZxzGVvkudkVXo4N48oJ8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUt
YmFiNDhkYWI0Y2Q2LzEvNURURzJwUUh0TTBRaUdtU0g5Nl80TTNIbjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi9lOWI1NmUtM2I1Yi00M2IxLThiYjUtYmFiNDhkYWI0Y2Q2
LzEvN0p4b1hQWm5ITVpXLVM1MlJWZWpnM2p5Z253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HI1MA0G
CSqGSIb3DQEBCwUAA4IBAQBCRnr9w/AT/Ilk8piSWHJXGyNwhexuZTvcLOA/0IJo
eO1i8j4YLYkFPKCW5q74uB26cTeOJO1HHlEzK4n5D2smvP3BMozd9Oc05+/GrQxs
Dp99APkrQ4wGH/ihw0swe8y4uYbOixUsok+dV7392yFBMtxqzhjeqzAsr3sQMKbz
NPU0BCE2JRyPc+OtvbFMQgSc42TDXKRgHlLxY+nLuenYKZurqeNXtO1G44bgiC5T
8CuXS2jfenJT0T2bk73sfu2E3RaFbgSmYqNiXlt7/ePrJ4eUx9DLQ4WAGa1DrQwS
a84ZPHdwZXufPZABKvfTNtgkfTlhpnM0zIhpHx5HxsLM
-----END CERTIFICATE-----